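3 Understanding Docker images
Build, ship and run are all based on the image system.
Packaging the environment solves dependencies; layered images solve storage utilization.
3.1 Docker concepts
remote-image-hub/namespace/repository:tag
Images are layered, and each layer is identified by a 64-digit hexadecimal ID; the ID of the topmost layer is the image ID, and the tag provides a human-readable name.
/var/lib/docker
3.2 Using images
Images are built, uploaded, managed and downloaded through the RESTful API or the client commands.
3.2.1 Listing local images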
[root@220 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
docker.io/centos latest 0e0217391d41 2 weeks ago 196.6 MB
docker.io/busybox latest fef924a0204a 2 weeks ago 1.114 MB
[root@220 ~]# docker images --help
Usage: docker images [OPTIONS] [REPOSITORY]
List images
-a, --all=false Show all images (default hides intermediate images)
--digests=false Show digests
-f, --filter=[] Filter output based on conditions provided
--help=false Print usage
--no-trunc=false Don't truncate output
-q, --quiet=false Only show numeric IDs
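[root@220 ~]# docker images --filter 'dangling=true'  # filter dangling images (dangling images are of no use to us and take up resources)
[root@220 ~]# docker images --filter "dangling=true" -q | xargs docker rmi  # delete dangling images
The dockviz tool can be used to analyze the layer relationships between images.
3.2.2 Build: creating an image
1. Pull it directly: [root@220 ~]# docker pull centos
2. Import an image
docker import (imports an archive containing a file system and turns it into an image)
docker load (imports an image exported by docker save; after import, the IDs and layers are exactly the same as the original)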
[root@220 ~]# docker save -o busybox.tar busybox
[root@220 ~]# ls -l busybox.tar
-rw-r--r-- 1 root root 1323008 Mar 4 11:56 busybox.tar
[root@220 ~]# docker load -i busybox.tar
[root@220 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
docker.io/centos latest 0e0217391d41 2 weeks ago 196.6 MB
docker.io/busybox latest fef924a0204a 2 weeks ago 1.114 MB
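3. Build an image
docker export (export)
docker commit (incremental)
docker build (Dockerfile)
3.2.3 Ship: transferring images
Shipping is the bridge between development and operations.
An image can be built and then imported.
Use a repository, triggered automatically through GitHub's webhook feature.
3.2.4 Run: starting containers with images as the template
docker run
Docker lifecycle: build, ship and run
3.3 Docker image organization
image
Data (image layers)
Metadata (JSON)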
[root@220 ~]# docker daemon -D -s overlay -g /var/lib/docker
[root@220 ~]# ll /var/lib/docker/
total 24
drwx------ 2 root root 6 Feb 29 17:53 containers
drwx------ 5 root root 50 Feb 29 17:56 devicemapper
drwx------ 9 root root 4096 Mar 4 10:41 graph
-rw-r--r-- 1 root root 5120 Feb 29 20:33 linkgraph.db
drwxr-xr-x 8 root root 4096 Mar 4 10:41 overlay
-rw------- 1 root root 235 Feb 29 17:57 repositories-devicemapper
-rw------- 1 root root 235 Mar 4 11:57 repositories-overlay
drwx------ 2 root root 6 Mar 4 11:57 tmp
drwx------ 2 root root 26 Feb 29 17:56 trust
drwx------ 2 root root 6 Feb 29 17:53 volumes
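3.3 Docker image organization
3.3.1 Data content
A Docker image contains data and the necessary metadata. The data consists of a stack of image layers; the metadata is a set of JSON files that describe the relationships between the data (image layers) and some of the container's configuration.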
[root@220 ~]# nohup docker daemon -D -s overlay -g /var/lib/docker &
[root@220 ~]# docker pull busybox
Using default tag: latest
Trying to pull repository docker.io/library/busybox ... latest: Pulling from library/busybox
9a163e0b8d13: Pull complete
fef924a0204a: Pull complete
library/busybox:latest: The image you are pulling has been verified. Important: image verification is a tech preview feature and should not be relied on to provide security.
Digest: sha256:97473e34e311e6c1b3f61f2a721d038d1e5eef17d98d1353a513007cf46ca6bd
Status: Downloaded newer image for docker.io/busybox:latest
At this point there are three layers.
[root@220 docker]# docker history busybox
IMAGE CREATED CREATED BY SIZE COMMENT
fef924a0204a 12 days ago /bin/sh -c #(nop) CMD ["sh"] 0 B
9a163e0b8d13 12 days ago /bin/sh -c #(nop) ADD file:7cdf7a89f6a004b2e9 1.114 MB
[root@220 ~]# cd /var/lib/docker/
[root@220 docker]# ls
containers (container runtime information) devicemapper graph (metadata of each layer) linkgraph.db overlay (data of each layer) repositories-devicemapper repositories-overlay (overall information) tmp trust (verification information) volumes (data volume information)
[root@220 docker]# cat repositories-overlay |python -m json.tool  # all images and their layer IDs
{
"ConfirmDefPush": true,
"Repositories": {
"docker.io/busybox": {
"latest": "fef924a0204a00b3ec67318e2ed337b189c99ea19e2bf10ed30a13b87c5e17ab"
}
}
}
Data and metadata
Use the ID from repositories-overlay to locate the data and metadata.
[root@220 fef924a0204a00b3ec67318e2ed337b189c99ea19e2bf10ed30a13b87c5e17ab]# pwd
/var/lib/docker/graph/fef924a0204a00b3ec67318e2ed337b189c99ea19e2bf10ed30a13b87c5e17ab
[root@220 fef924a0204a00b3ec67318e2ed337b189c99ea19e2bf10ed30a13b87c5e17ab]# ls
checksum json layersize tar-data.json.gz
[root@220 fef924a0204a00b3ec67318e2ed337b189c99ea19e2bf10ed30a13b87c5e17ab]# cat json |python -m json.tool
{
"Size": 0,
"architecture": "amd64",
"config": {
"AttachStderr": false,
"AttachStdin": false,
"AttachStdout": false,
"Cmd": [
"sh"
],
"Domainname": "",
"Entrypoint": null,
"Env": null,
"ExposedPorts": null,
"Hostname": "13709f13afe1",
"Image": "9a163e0b8d138ec700b5a5f7e62509012f7eb34b9f86cd3bbeb3d183958114a9",
"Labels": {},
"MacAddress": "",
"NetworkDisabled": false,
"OnBuild": null,
"OpenStdin": false,
"PublishService": "",
"StdinOnce": false,
"Tty": false,
"User": "",
"VolumeDriver": "",
"Volumes": null,
"WorkingDir": ""
},
"container": "d23509cd0189de02bef382544ebfab515f29094f3c0e2f161fa7ce09afa8974e",
"container_config": {
"AttachStderr": false,
"AttachStdin": false,
"AttachStdout": false,
"Cmd": [
"/bin/sh",
"-c",
"#(nop) CMD [\"sh\"]"
],
"Domainname": "",
"Entrypoint": null,
"Env": null,
"ExposedPorts": null,
"Hostname": "13709f13afe1",
"Image": "9a163e0b8d138ec700b5a5f7e62509012f7eb34b9f86cd3bbeb3d183958114a9",
"Labels": {},
"MacAddress": "",
"NetworkDisabled": false,
"OnBuild": null,
"OpenStdin": false,
"PublishService": "",
"StdinOnce": false,
"Tty": false,
"User": "",
"VolumeDriver": "",
"Volumes": null,
"WorkingDir": ""
},
"created": "2016-02-16T22:59:37.407805421Z",
"docker_version": "1.9.1",
"id": "fef924a0204a00b3ec67318e2ed337b189c99ea19e2bf10ed30a13b87c5e17ab",
"os": "linux",
"parent": "9a163e0b8d138ec700b5a5f7e62509012f7eb34b9f86cd3bbeb3d183958114a9"
}
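An added example (not part of the original notes): a Python walk of the lookup just shown, from the tag in repositories-overlay to graph/<id>/json and along each "parent" down to the base layer, rejecting malformed IDs, missing metadata and id mismatches. The tree it walks is constructed in a temporary directory from the two busybox layer IDs on this page; treating a missing "parent" as the base layer is an assumption about this legacy layout.

```python
import json
import os
import re
import tempfile

ID_RE = re.compile(r"[0-9a-f]{64}")
# Layer IDs copied from this page; the directory tree itself is constructed.
TOP = "fef924a0204a00b3ec67318e2ed337b189c99ea19e2bf10ed30a13b87c5e17ab"
BASE = "9a163e0b8d138ec700b5a5f7e62509012f7eb34b9f86cd3bbeb3d183958114a9"

def layer_chain(docker_root, driver, repo, tag):
    """Return layer IDs from the tagged image down to the base layer."""
    with open(os.path.join(docker_root, "repositories-" + driver)) as f:
        layer_id = json.load(f)["Repositories"][repo][tag]
    chain, seen = [], set()
    while layer_id:
        # Validate before the ID is used as a path component.
        if not isinstance(layer_id, str) or not ID_RE.fullmatch(layer_id):
            raise ValueError("malformed layer ID: %r" % (layer_id,))
        if layer_id in seen:
            raise ValueError("parent loop at " + layer_id)
        seen.add(layer_id)
        meta_path = os.path.join(docker_root, "graph", layer_id, "json")
        if not os.path.isfile(meta_path):
            raise ValueError("missing metadata for layer " + layer_id)
        with open(meta_path) as f:
            meta = json.load(f)
        if meta.get("id") != layer_id:
            raise ValueError("directory name and json id differ: " + layer_id)
        chain.append(layer_id)
        layer_id = meta.get("parent")  # assumption: absent on the base layer
    return chain

def build_sample_root(root, layers, repo="docker.io/busybox", tag="latest"):
    """Write a constructed graph tree; `layers` is ordered top to base."""
    for i, lid in enumerate(layers):
        os.makedirs(os.path.join(root, "graph", lid))
        meta = {"id": lid}
        if i + 1 < len(layers):
            meta["parent"] = layers[i + 1]
        with open(os.path.join(root, "graph", lid, "json"), "w") as f:
            json.dump(meta, f)
    with open(os.path.join(root, "repositories-overlay"), "w") as f:
        json.dump({"Repositories": {repo: {tag: layers[0]}}}, f)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_root(root, [TOP, BASE])
        for lid in layer_chain(root, "overlay", "docker.io/busybox", "latest"):
            print(lid[:12])
```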
[root@220 ~]# docker inspect busybox
[
{
"Id": "fef924a0204a00b3ec67318e2ed337b189c99ea19e2bf10ed30a13b87c5e17ab",
"Parent": "9a163e0b8d138ec700b5a5f7e62509012f7eb34b9f86cd3bbeb3d183958114a9",
"Comment": "",
"Created": "2016-02-16T22:59:37.407805421Z",
"Container": "d23509cd0189de02bef382544ebfab515f29094f3c0e2f161fa7ce09afa8974e",
"ContainerConfig": {
"Hostname": "13709f13afe1",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": null,
"PublishService": "",
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": null,
"Cmd": [
"/bin/sh",
"-c",
"#(nop) CMD [\"sh\"]"
],
"Image": "9a163e0b8d138ec700b5a5f7e62509012f7eb34b9f86cd3bbeb3d183958114a9",
"Volumes": null,
"VolumeDriver": "",
"WorkingDir": "",
"Entrypoint": null,
"NetworkDisabled": false,
"MacAddress": "",
"OnBuild": null,
"Labels": {}
},
"DockerVersion": "1.9.1",
"Author": "",
"Config": {
"Hostname": "13709f13afe1",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": null,
"PublishService": "",
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": null,
"Cmd": [
"sh"
],
"Image": "9a163e0b8d138ec700b5a5f7e62509012f7eb34b9f86cd3bbeb3d183958114a9",
"Volumes": null,
"VolumeDriver": "",
"WorkingDir": "",
"Entrypoint": null,
"NetworkDisabled": false,
"MacAddress": "",
"OnBuild": null,
"Labels": {}
},
"Architecture": "amd64",
"Os": "linux",
"Size": 0,
"VirtualSize": 1113554,
"GraphDriver": {
"Name": "overlay",
"Data": {
"RootDir": "/var/lib/docker/overlay/fef924a0204a00b3ec67318e2ed337b189c99ea19e2bf10ed30a13b87c5e17ab/root"
}
}
}
]
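Docker brought container technologies such as cgroups and namespaces together and into public view, blending old technologies to adapt to new ones.
Docker introduced union mounts to make images layered; Git-style management allows base images to be reused.
Union file system (overlayFS) mounts: this kind of file system mounts multiple directories, possibly belonging to different file systems, onto the same directory and presents the union of those directories.
Copy-on-write: every modification that changes a file is added to a new file layer.
Copy-on-write is an important reason why Docker images are so powerful: it is fast and saves space.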
[root@220 ~]# cat /proc/filesystems |grep overlay
nodev overlay
A union file system is the basis for implementing copy-on-write.
Ubuntu uses aufs; Red Hat and SUSE use devicemapper; btrfs also has copy-on-write capability.
[root@220 ~]# mkdir dockerimage
[root@220 ~]# cd dockerimage/
[root@220 dockerimage]# ls
[root@220 dockerimage]# mkdir material
[root@220 dockerimage]# echo bad > material/concrete
[root@220 dockerimage]# echo rebar > material/rebar
[root@220 dockerimage]# mkdir material2
[root@220 dockerimage]# echo good > material2/concrete
[root@220 dockerimage]# echo marble > material2/marble
[root@220 dockerimage]# mkdir merge work build
[root@220 dockerimage]# ls
build material material2 merge work
[root@220 dockerimage]# mount -t overlay overlay -o lowerdir=material:material2,upperdir=build,workdir=work merge
[root@220 dockerimage]# echo 'main structure' > merge/frame
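An added example (not part of the original notes): a Python model of what the mount above presents in merge, run on the same directories rebuilt in a temporary location so it needs no root and no real mount. It assumes flat directories and no deletions (whiteouts), and adds one constructed step, overwriting concrete through the merged view, to show copy-on-write.

```python
import os
import tempfile

def source_of(name, upper, lowers):
    """Directory supplying `name` in the merged view: upperdir, then lowerdir left to right."""
    for d in [upper] + list(lowers):
        if os.path.lexists(os.path.join(d, name)):
            return d
    raise FileNotFoundError(name)

def read_merged(name, upper, lowers):
    with open(os.path.join(source_of(name, upper, lowers), name)) as f:
        return f.read()

def write_merged(name, data, upper):
    """A write through the merged mount lands in upperdir only (copy-on-write)."""
    with open(os.path.join(upper, name), "w") as f:
        f.write(data)

def page_session(base):
    """Rebuild the page's directories under `base` and replay its session."""
    content = {"material": {"concrete": "bad\n", "rebar": "rebar\n"},
               "material2": {"concrete": "good\n", "marble": "marble\n"},
               "build": {}}
    for d, files in content.items():
        os.mkdir(os.path.join(base, d))
        for name, data in files.items():
            with open(os.path.join(base, d, name), "w") as f:
                f.write(data)
    upper = os.path.join(base, "build")
    lowers = [os.path.join(base, "material"), os.path.join(base, "material2")]
    result = {"concrete_before": read_merged("concrete", upper, lowers)}
    write_merged("frame", "main structure\n", upper)  # echo ... > merge/frame
    write_merged("concrete", "fixed\n", upper)  # constructed extra step
    for name in ("concrete", "rebar", "marble", "frame"):
        result[name] = os.path.basename(source_of(name, upper, lowers))
    result["concrete_after"] = read_merged("concrete", upper, lowers)
    with open(os.path.join(lowers[0], "concrete")) as f:
        result["lower_concrete"] = f.read()  # the lower layer is never modified
    return result

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for key, value in page_session(base).items():
            print(key, "=", repr(value))
```

A file shadowed by a higher layer, like material2/concrete here, is hidden from the merged view but still present on disk in its own layer, which is why a secret added in one image layer is not removed by deleting or overwriting it in a later one.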